Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/kgwU11d3qe3DvMPd4KzghnoM4QE.roa
File: kgwU11d3qe3DvMPd4KzghnoM4QE.roa (raw, json)
Hash identifier: 0MoyLoDcxfk7RXOS/O1cJn5qfN2NIOBdRQnljfYhp5I=
Subject key identifier: 92:0C:14:D7:57:77:A9:ED:C3:BC:C3:DD:E0:AC:E0:86:7A:0C:E1:01
Certificate issuer: /CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
Certificate serial: 019423D6AC0FD8C15FCA3B9E8E5694C40D42
Authority key identifier: E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/kgwU11d3qe3DvMPd4KzghnoM4QE.roa
Signing time: Wed 01 Jan 2025 21:47:38 +0000
ROA not before: Wed 01 Jan 2025 21:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57119
IP address blocks: 149.62.152.0/21 maxlen: 21
149.62.154.0/24 maxlen: 24
185.64.148.0/22 maxlen: 22
185.64.148.0/23 maxlen: 23
185.64.150.0/24 maxlen: 24
185.64.151.0/24 maxlen: 24
2a02:7680::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 09 Apr 2025 06:04:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:ac:0f:d8:c1:5f:ca:3b:9e:8e:56:94:c4:0d:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
Validity
Not Before: Jan 1 21:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=920c14d75777a9edc3bcc3dde0ace0867a0ce101
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:37:31:ba:4c:99:a4:d0:ab:8f:97:1d:3c:78:
d3:f3:2b:02:93:8c:24:59:f9:a5:81:ec:b5:34:87:
41:b5:75:2b:68:f9:86:1d:08:c3:4d:a8:9e:6d:36:
ba:31:21:fe:69:7d:f2:10:0c:99:ef:7b:4b:55:1d:
37:54:83:97:5e:45:78:7f:55:85:30:98:5d:75:18:
80:df:5e:70:c6:1e:a5:1d:57:34:36:85:94:37:30:
e2:c2:08:a6:6e:66:e2:fe:b4:54:0f:44:be:74:9f:
30:2e:68:17:4f:a8:0b:ba:bd:c1:10:30:23:cf:8b:
a0:32:15:0a:24:2a:33:74:49:85:39:53:b6:1e:32:
17:31:ec:18:01:3c:51:47:ef:31:4e:82:e6:e3:6d:
78:e7:89:7c:57:5a:92:56:5a:19:05:aa:2e:f8:04:
cb:2c:48:f9:cb:4d:2b:89:51:54:c7:c3:c8:b2:d5:
f5:d2:30:85:7e:4b:55:5d:9d:e1:a7:85:7b:c9:a2:
a3:53:d7:33:77:24:bc:f9:b0:7e:da:0a:9e:3b:79:
11:22:44:aa:3f:da:a4:30:73:d4:5a:da:b7:cf:3e:
86:d9:54:c6:ce:cd:b7:a1:46:39:73:be:4d:25:32:
a0:27:ed:11:29:2e:8b:1c:cb:b3:e9:3e:3f:26:7a:
5e:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:0C:14:D7:57:77:A9:ED:C3:BC:C3:DD:E0:AC:E0:86:7A:0C:E1:01
X509v3 Authority Key Identifier:
keyid:E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/kgwU11d3qe3DvMPd4KzghnoM4QE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.62.152.0/21
185.64.148.0/22
IPv6:
2a02:7680::/32
Signature Algorithm: sha256WithRSAEncryption
67:59:46:3f:a9:fa:a7:89:5d:f9:37:30:0f:74:b1:f0:4b:f2:
98:4d:f3:0c:cc:28:4d:6f:38:5d:9c:a3:9a:d9:57:56:83:1d:
06:1a:89:69:7f:ab:fe:30:4e:cc:3e:15:f7:c2:be:bb:54:19:
05:c6:1c:ec:c0:e3:20:a2:8c:5d:c6:3a:19:6e:47:7e:b1:ec:
a2:d1:7b:09:75:ee:0e:1e:35:13:3e:47:b9:1f:3e:55:97:89:
70:e0:3d:e5:61:3b:13:89:50:e8:44:9b:42:1b:a7:15:57:eb:
ab:30:dd:d5:68:bf:9d:89:e2:56:16:ea:9c:75:53:96:1e:bd:
40:ae:64:24:1a:ca:34:35:46:26:41:f0:48:08:5a:99:99:3f:
dc:e5:cf:39:af:55:71:aa:d7:a9:63:2e:d4:71:e9:36:81:98:
79:48:8d:a1:12:a1:ac:da:03:8a:a1:ab:18:fe:d3:09:63:bf:
53:db:74:92:65:e3:99:a7:c2:d4:65:fa:2a:55:06:39:97:4c:
3a:99:06:02:96:b1:a0:12:18:65:de:2d:25:ae:a9:75:2c:40:
b1:61:0a:24:b3:82:0b:cf:05:ab:64:aa:0f:00:52:64:5f:06:
fb:08:4d:d2:0c:3e:ce:07:4c:61:b2:c0:c9:27:15:ff:6e:80:
3e:15:34:1c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1qwP2MFfyjuejlaUxA1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MWE4YzQyZWNlODliNWZiZmMyMTBkYzdiNTU0YzcyZWE0
ZjM1NDQwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjBjMTRkNzU3NzdhOWVkYzNiY2MzZGRlMGFjZTA4NjdhMGNlMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjcxukyZpNCrj5cdPHjT8ysCk4wk
Wfmlgey1NIdBtXUraPmGHQjDTaiebTa6MSH+aX3yEAyZ73tLVR03VIOXXkV4f1WF
MJhddRiA315wxh6lHVc0NoWUNzDiwgimbmbi/rRUD0S+dJ8wLmgXT6gLur3BEDAj
z4ugMhUKJCozdEmFOVO2HjIXMewYATxRR+8xToLm421454l8V1qSVloZBaou+ATL
LEj5y00riVFUx8PIstX10jCFfktVXZ3hp4V7yaKjU9czdyS8+bB+2gqeO3kRIkSq
P9qkMHPUWtq3zz6G2VTGzs23oUY5c75NJTKgJ+0RKS6LHMuz6T4/JnpexQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJIMFNdXd6ntw7zD3eCs4IZ6DOEBMB8GA1UdIwQY
MBaAFOQajELs6Jtfv8IQ3HtVTHLqTzVEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2Yt
MWQ2NjZjNDIyYzZhLzEva2d3VTExZDNxZTNEdk1QZDRLemdobm9NNFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2YtMWQ2NjZjNDIyYzZh
LzEvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDlT6YAwQC
uUCUMA0EAgACMAcDBQAqAnaAMA0GCSqGSIb3DQEBCwUAA4IBAQBnWUY/qfqniV35
NzAPdLHwS/KYTfMMzChNbzhdnKOa2VdWgx0GGolpf6v+ME7MPhX3wr67VBkFxhzs
wOMgooxdxjoZbkd+seyi0XsJde4OHjUTPke5Hz5Vl4lw4D3lYTsTiVDoRJtCG6cV
V+urMN3VaL+dieJWFuqcdVOWHr1ArmQkGso0NUYmQfBICFqZmT/c5c85r1Vxqtep
Yy7Ucek2gZh5SI2hEqGs2gOKoasY/tMJY79T23SSZeOZp8LUZfoqVQY5l0w6mQYC
lrGgEhhl3i0lrql1LECxYQoks4ILzwWrZKoPAFJkXwb7CE3SDD7OB0xhssDJJxX/
boA+FTQc
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:33:19 2025 by rpki-client